Static task: static1
Behavioral task: behavioral1 (sample 41e13aa46796382a8c99064efae8c5812452d265ca799b0d0ba81739f9e4fee1.exe, resource win7-20231023-en)
Behavioral task: behavioral2 (sample 41e13aa46796382a8c99064efae8c5812452d265ca799b0d0ba81739f9e4fee1.exe, resource win10v2004-20231020-en)
General
- Target: 41e13aa46796382a8c99064efae8c5812452d265ca799b0d0ba81739f9e4fee1
- Size: 7.3MB
- MD5: b1da796d9070887f5a440504274a0421
- SHA1: 7c5b92a950a2af90d49c9748b2e5c0f94308b273
- SHA256: 41e13aa46796382a8c99064efae8c5812452d265ca799b0d0ba81739f9e4fee1
- SHA512: 3d80b57b7c402becfa0fbe11846e2adc050050ed2222c9509dbdf2d0f0f224b08d9c64a5c2cb5c810b8853009cc45679dd1690fd6f4b8c9ff74909515e88ad06
- SSDEEP: 98304:X6dE+r7+7IWzR16MoIw1fEOAWrzxm1hEV9pw0clIuLKcTEB5SO1/:X6P4zHO1MOAWrNK29pw0oXonn1/
Malware Config
Signatures
- Unsigned PE (1 IoC): checks for a missing Authenticode signature. Matched resource: 41e13aa46796382a8c99064efae8c5812452d265ca799b0d0ba81739f9e4fee1
Files
-
41e13aa46796382a8c99064efae8c5812452d265ca799b0d0ba81739f9e4fee1.exe windows:5 windows x86
13f135d1f77d09843895ec6e9e468085
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetLongPathNameW
OpenProcess
SetEndOfFile
GetDiskFreeSpaceExW
SetFileAttributesW
DeleteFileW
MoveFileExW
GetVolumeInformationW
GetFileAttributesExW
GetCurrentProcess
OpenThread
lstrcmpA
lstrcmpiW
GetModuleHandleExW
GlobalSize
GlobalLock
GlobalUnlock
SystemTimeToFileTime
GetModuleHandleA
GetVersionExW
GetBinaryTypeW
ProcessIdToSessionId
InterlockedIncrement
GetCommandLineW
GetFileInformationByHandle
GetStdHandle
SetFileTime
GetCurrentDirectoryW
CreateDirectoryW
GetFileAttributesW
GlobalMemoryStatus
GetProcessAffinityMask
IsProcessorFeaturePresent
ReleaseSemaphore
GetLocalTime
GetFileSizeEx
FindClose
LocalFree
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
MapViewOfFile
GetCurrentThreadId
LoadLibraryW
CreateFileMappingW
UnmapViewOfFile
InterlockedCompareExchange
GetPrivateProfileStringW
GetPrivateProfileIntW
FindResourceExW
WriteConsoleW
SetStdHandle
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetConsoleCP
FlushFileBuffers
ReadConsoleW
GetConsoleMode
GetTimeZoneInformation
GlobalAlloc
GetFileType
ExitProcess
ExitThread
RtlUnwind
InterlockedDecrement
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
DuplicateHandle
FindResourceW
OutputDebugStringW
SetFilePointer
WriteFile
SizeofResource
LoadResource
GetProcessHeap
HeapSize
HeapDestroy
LockResource
CreateProcessW
GetModuleFileNameW
DeleteCriticalSection
InitializeCriticalSection
GetCurrentProcessId
WideCharToMultiByte
MultiByteToWideChar
GetTimeFormatW
GetDateFormatW
SetThreadAffinityMask
LoadLibraryExW
GetProcAddress
GetModuleHandleW
FreeLibrary
VirtualFree
VirtualProtect
VirtualAlloc
GetSystemDirectoryW
GetTickCount
GetSystemTimeAsFileTime
GetSystemInfo
GetThreadTimes
TerminateProcess
CreateSemaphoreW
Sleep
CreateEventW
CreateMutexW
WaitForSingleObjectEx
WaitForSingleObject
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
FreeLibraryAndExitThread
GetCurrentThread
UnregisterWait
RegisterWaitForSingleObject
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
CreateTimerQueue
GetSystemWindowsDirectoryW
FreeResource
lstrcmpiA
InitializeSListHead
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetEnvironmentVariableW
GetACP
MulDiv
VerSetConditionMask
VerifyVersionInfoW
ReleaseMutex
HeapWalk
HeapUnlock
HeapLock
CreateFileA
LocalFileTimeToFileTime
LCMapStringW
CompareStringW
FormatMessageW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
QueryPerformanceFrequency
QueryPerformanceCounter
GetCPInfo
TryEnterCriticalSection
GetStringTypeW
IsDebuggerPresent
GlobalFree
SetFilePointerEx
LeaveCriticalSection
EnterCriticalSection
DeviceIoControl
HeapFree
HeapReAlloc
HeapAlloc
SetErrorMode
SetLastError
GetLastError
RaiseException
CloseHandle
ReadFile
FindNextFileW
FindFirstFileW
CreateFileW
user32
IsWindow
DestroyWindow
ShowWindow
GetWindowLongW
SetWindowLongW
AttachThreadInput
IsIconic
BringWindowToTop
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
FindWindowW
GetWindowThreadProcessId
GetDesktopWindow
DrawTextW
SetClipboardData
EmptyClipboard
GetAsyncKeyState
GetSysColor
ClientToScreen
SetCursor
IntersectRect
UnionRect
EqualRect
MonitorFromPoint
PtInRect
OffsetRect
IsZoomed
GetCursorPos
GetKeyState
ScreenToClient
SetWindowRgn
UpdateLayeredWindow
IsRectEmpty
GetUpdateRect
MoveWindow
EndPaint
BeginPaint
InvalidateRect
ReleaseCapture
SetCapture
GetFocus
GetDC
CallWindowProcW
RegisterClassW
LoadCursorW
ReleaseDC
SetWindowPos
IsWindowVisible
OpenClipboard
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
SetWindowTextW
CharNextW
EnableWindow
CreateWindowExW
RegisterClassExW
DefWindowProcW
PostMessageW
SetFocus
GetMonitorInfoW
MonitorFromWindow
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
CharUpperW
SendMessageW
PostQuitMessage
SetTimer
KillTimer
GetSystemMetrics
GetClientRect
GetWindowRect
MapWindowPoints
GetParent
GetWindow
LoadImageW
advapi32
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExA
RegQueryValueExW
RegSetValueExW
RegOpenKeyW
CloseServiceHandle
RegQueryInfoKeyW
RegEnumKeyExW
ConvertSidToStringSidW
GetUserNameW
GetTokenInformation
OpenProcessToken
RegEnumKeyExA
OpenSCManagerW
EnumServicesStatusW
shell32
ord165
CommandLineToArgvW
SHGetSpecialFolderPathW
SHBrowseForFolderW
ShellExecuteW
SHGetFolderPathW
SHGetPathFromIDListW
ole32
CoUninitialize
CoInitializeEx
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemFree
CoInitialize
CoTaskMemRealloc
OleInitialize
OleUninitialize
CoCreateGuid
CoTaskMemAlloc
oleaut32
SysAllocString
VariantClear
SysFreeString
VarUI4FromStr
SysStringLen
SysAllocStringLen
shlwapi
PathIsRelativeW
SHSetValueW
PathRemoveExtensionW
StrStrIA
SHGetValueA
SHSetValueA
PathRemoveBackslashW
PathIsPrefixW
PathIsDirectoryW
PathFileExistsW
PathAppendW
PathCombineW
PathFindFileNameW
StrCmpIW
StrCmpNIW
StrStrIW
PathRemoveFileSpecW
SHGetValueW
PathCanonicalizeW
StrTrimA
PathAddBackslashW
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
psapi
GetModuleFileNameExW
comctl32
InitCommonControlsEx
ord17
_TrackMouseEvent
winmm
timeKillEvent
timeSetEvent
gdiplus
GdipGetPropertyItem
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipSetPixelOffsetMode
GdipCreatePath
GdipDeletePath
GdipAddPathPath
GdipImageSelectActiveFrame
GdipDeleteBrush
GdipCloneBrush
GdipSetPathGradientPresetBlend
GdipSetPathGradientWrapMode
GdipAlloc
GdipDeleteRegion
GdipSetPathGradientFocusScales
GdiplusStartup
GdipFillRegion
GdipCloneImage
GdipCreatePathGradientFromPath
GdipGetPropertyItemSize
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateBitmapFromScan0
GdipCreatePen1
GdipDeletePen
GdipDrawArc
GdipCreateLineBrushFromRect
GdipSetLineBlend
GdipCreatePen2
GdipCreateMatrix
GdipDeleteMatrix
GdipTranslateMatrix
GdipRotateMatrix
GdipSetWorldTransform
GdipDrawImageRect
GdipImageRotateFlip
GdiplusShutdown
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromStream
GdipCreateRegionPath
GdipLoadImageFromFile
GdipMeasureString
GdipFillEllipse
GdipDrawEllipse
GdipDrawString
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipSetStringFormatTrimming
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipCloneStringFormat
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawPath
GdipDrawRectangleI
GdipDrawLineI
GdipCreateLineBrushFromRectI
GdipFillPath
GdipCreateSolidFill
GdipDrawImageRectRectI
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipFree
GdipClosePathFigure
ord1
GdipAddPathLine
GdipAddPathEllipse
GdipAddPathRectangle
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipDisposeImage
GdipGetWorldTransform
imm32
ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext
msimg32
AlphaBlend
iphlpapi
GetAdaptersInfo
wininet
HttpOpenRequestW
HttpSendRequestW
InternetConnectW
InternetCloseHandle
InternetCrackUrlW
InternetOpenW
InternetSetOptionW
HttpQueryInfoW
gdi32
DeleteObject
CreateRoundRectRgn
BitBlt
GetStockObject
CreateFontIndirectW
GetDeviceCaps
GetWindowOrgEx
CreateRectRgnIndirect
SaveDC
ExtSelectClipRgn
RestoreDC
CreateDIBSection
CreateCompatibleDC
SelectObject
DeleteDC
SetWindowOrgEx
SetStretchBltMode
StretchBlt
SetTextColor
SetBkColor
SetBkMode
GetObjectA
GetObjectW
Sections
.text Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 262KB - Virtual size: 261KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 42KB - Virtual size: 70KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 16.4MB - Virtual size: 16.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 70KB - Virtual size: 69KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Note: the raw section sizes listed here (the first figure of each entry) add up to roughly 17.8MB, yet the file is 7.3MB, so the section table claims more data than the file holds; the 16.4MB .rsrc section in particular cannot be fully present on disk. Treat resource extraction and any section-level hashes with caution, and confirm the section layout with a PE parser before relying on them.
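The static checks behind the listing above, as a stdlib-only Python script: the Authenticode test that yields the "Unsigned PE" signature (certificate table in data directory 4), the DllCharacteristics mitigation flags, and a section-table consistency check of the kind that flags a section larger than the file. This is an added example, not the sandbox's own code; the PE it parses is constructed in memory by build_pe with a section table shaped like this report's (the oversized .rsrc included), and the flag names are the winnt.h constants.

```python
"""PE32 header triage: signature presence, mitigation flags, section sanity.
Added example; the image examined is built in memory, not the real sample."""
import struct

# Bit values as defined in winnt.h
DLL_CHARACTERISTICS = {
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
FILE_CHARACTERISTICS = {0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
                        0x0100: "IMAGE_FILE_32BIT_MACHINE", 0x2000: "IMAGE_FILE_DLL"}
SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE", 0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x02000000: "IMAGE_SCN_MEM_DISCARDABLE", 0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ", 0x80000000: "IMAGE_SCN_MEM_WRITE",
}
SECURITY_DIR = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY; its address is a file offset, not an RVA


def names(value, table):
    return [name for bit, name in table.items() if value & bit]


def parse_pe(data):
    """Parse the DOS, COFF and PE32 optional headers plus the section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (32-bit) images handled here")
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    sec_off, sec_size = struct.unpack_from("<II", data, opt + 96 + 8 * SECURITY_DIR)
    sections = []
    for i in range(nsec):
        name, vsize, _va, rawsize, rawptr, _, _, _, _, sflags = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rawsize, "raw_ptr": rawptr,
                         "flags": names(sflags, SECTION_FLAGS)})
    return {"machine": machine, "file_characteristics": names(chars, FILE_CHARACTERISTICS),
            "dll_characteristics": names(dll_chars, DLL_CHARACTERISTICS),
            "security_dir": (sec_off, sec_size), "sections": sections}


def triage(data):
    """Findings a static stage would raise: signature, mitigations, section sanity."""
    pe, findings = parse_pe(data), []
    sec_off, sec_size = pe["security_dir"]
    if sec_size == 0:
        findings.append("Unsigned PE: no Authenticode certificate table")
    elif sec_off + sec_size > len(data):
        findings.append("Certificate table lies past EOF: signature cannot be verified")
    if "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE" not in pe["dll_characteristics"]:
        findings.append("ASLR opted out (no DYNAMIC_BASE)")
    if "IMAGE_DLLCHARACTERISTICS_NX_COMPAT" not in pe["dll_characteristics"]:
        findings.append("DEP opted out (no NX_COMPAT)")
    for s in pe["sections"]:
        if s["raw_ptr"] + s["raw_size"] > len(data):  # header claims bytes the file lacks
            findings.append(f"{s['name']}: raw data ({s['raw_size']:#x} bytes) extends past EOF")
        if {"IMAGE_SCN_MEM_WRITE", "IMAGE_SCN_MEM_EXECUTE"} <= set(s["flags"]):
            findings.append(f"{s['name']}: writable and executable section")
    return findings


def build_pe(sections, dll_chars=0x8140, signed=False, file_len=0x3000):
    """Construct a PE32 file from a section table (test input, not a real binary)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)            # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)              # PE32 magic
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)    # section / file alignment
    struct.pack_into("<I", opt, 60, 0x200)             # SizeOfHeaders
    struct.pack_into("<HH", opt, 68, 2, dll_chars)     # Subsystem GUI, DllCharacteristics
    struct.pack_into("<I", opt, 92, 16)                # NumberOfRvaAndSizes
    if signed:  # point the security directory at a dummy table in the file's last 0x100 bytes
        struct.pack_into("<II", opt, 96 + 8 * SECURITY_DIR, file_len - 0x100, 0x100)
    table = b"".join(struct.pack("<8sIIIIIIHHI", n.encode().ljust(8, b"\0"),
                                 vs, va, rs, rp, 0, 0, 0, 0, fl) for n, vs, va, rs, rp, fl in sections)
    head = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table
    return head + b"\0" * (file_len - len(head))


# Constructed section table with the shape of the report above: the .rsrc raw size is far
# larger than the file, as the 16.4MB .rsrc in a 7.3MB sample is.
SAMPLE_SECTIONS = [  # name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, flags
    (".text",  0x1000,   0x1000,   0x1000,   0x0200,   0x60000020),
    (".rdata", 0x0400,   0x2000,   0x0400,   0x1200,   0x40000040),
    (".data",  0x0800,   0x3000,   0x0200,   0x1600,   0xC0000040),
    (".rsrc",  0x100000, 0x4000,   0x100000, 0x1800,   0x40000040),
    (".reloc", 0x0200,   0x104000, 0x0200,   0x101800, 0x42000040),
]

if __name__ == "__main__":
    for finding in triage(build_pe(SAMPLE_SECTIONS)):
        print(finding)
```

Run against a real file by passing `open(path, "rb").read()` to `triage`; the security-directory check only tells you whether a certificate table exists and fits in the file, so a PE that passes it still needs its signature verified (for example with `signtool verify` or `Get-AuthenticodeSignature`) before it is trusted.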